﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Mvc;
using System.Security.Principal;

namespace MTO.Framework.Web.Mvc
{
    /// <summary>
    /// Represents an attribute that is used to restrict access by callers to an action method except the ones that is decoreted with the AllowAnonymous attribute.
    /// </summary>
    public sealed class MTOAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);

            if (!skipAuthorization)
            {
                base.OnAuthorization(filterContext);
            }
        }

        public bool IsAuthorized(System.Web.HttpContextBase httpContext)
        {
            return AuthorizeCore(httpContext);
        }
    }
}
